ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-04-13 14:13:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'gaspar-ilom/t480' into poc_t480

Browse Source 
Resolve conflicts, enable TPM2 support into board configs that was missing sorry
- remove blobs/kabylake/fetch_split_fsp.sh since unneeded if depending on full FSP from tree
  - removed fsp.fd files placed in blobs and references to it in @gaspar-ilom branch
  - removed blobs/kabylake/* altogether since unneeded
- remove patches/coreboot-24.02.01/* since we use another fork (currently modules/coreboot: t480, might be renamed to coreboot release to be reused later)
- t480 boards depend on targets/xx80_me_blobs.mk now, next commit will cleanup prior work artifacts not needed; @gaspar-ilom approach cleaner

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2025-02-12 12:26:28 -05:00
commit e6d6001e97
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
12 changed files with 1122 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.circleci/config.yml
View File

@ -572,3 +572,4 @@ workflows:
subcommand: ""
requires:
- librem_l1um

5
BOARD_TESTERS.md
View File

@ -32,6 +32,11 @@ xx4x(Haswell):
- [ ] t440p: @fhvyhjriur @ThePlexus @srgrint @akunterkontrolle @rbreslow
- [ ] w541 (similar to t440p): @ResendeGHF @gaspar-ilom (Always tested late: Needs more responsive board testers or risk to become unmaintained.)
xx8x(Kaby Lake Refresh):
===
- [ ] t480: @gaspar-ilom
- [ ] t480s (similar to t480): TODO: NOT SUPPORTED OR TESTED YET
Librems:
===
- [ ] Librem 11(JasperLake): @JonathonHall-Purism

1
blobs/xx80/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
me.bin

30
blobs/xx80/README Normal file
View File

@ -0,0 +1,30 @@
The ME blobs dumped in this directory come from the following link: https://dl.dell.com/FOLDER04573471M/1/Inspiron_5468_1.3.0.exe
This provides ME version 11.6.0.1126. In this version CVE-2017-5705 has not yet been fixed.
See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html
Therefore, Bootguard can be disabled by deguard with a patched ME.
1.0.0:Automatically extract, neuter and deguard me.bin
download_clean_me.sh : Downloads vulnerable ME from Dell verify checksum, extract ME, neuters ME, relocate and trim it, then apply deguard patch and place it into me.bin
sha256sum:
1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b me.bin
1.0.1: Extract blobs from original rom:
extract.sh: takes backup, unlocks ifd, apply me_cleaner to neuter, relocate, trim and deguard it, modify BIOS and ME region of IFD and place output files into this dir.
sha256sum: will vary depending of IFD and ME extracted where IFD regions of BIOS and ME should be consistent.
1.1: More blobs
--------------------
ifd.bin was extracted from a T480 from an external flashrom backup.
sha256sum:
f2f6d5fb0a5e02964b494862032fd93f1f88e2febd9904b936083600645c7fdf ifd.bin
sha256sum:
6b7f3912995fb87ae62956e009470b35b72b5b9a4bfd7bed48da429af9804866 gbe.bin
------------------------
Notes: as specified in first link, this ME can be deployed to:
T480 and T480s

131
blobs/xx80/download_clean_deguard_me.sh Executable file
View File

@ -0,0 +1,131 @@
#!/usr/bin/env bash
# These variables are all for the deguard tool.
# They would need to be changed if using the tool for other devices like the T480s or with a different ME version...
ME_delta="thinkpad_t480"
ME_version="11.6.0.1126"
ME_sku="2M"
ME_pch="LP"
# Integrity checks for the vendor provided ME blob...
ME_DOWNLOAD_HASH="ddfbc51430699e0dfcb24a60bcb5b6e5481b325ebecf1ac177e069013189e4b0"
# ...and the cleaned and deguarded version from that blob.
DEGUARDED_ME_BIN_HASH="1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b"
function usage() {
echo -n \
"Usage: $(basename "$0") path_to_output_directory
Download Intel ME firmware from Dell, neutralize and shrink keeping the MFS.
"
}
function chk_sha256sum() {
sha256_hash="$1"; filename="$2"
echo "$sha256_hash" "$filename" "$(pwd)"
sha256sum "$filename"
if ! echo "${sha256_hash} ${filename}" | sha256sum --check; then
echo "ERROR: SHA256 checksum for ${filename} doesn't match."
exit 1
fi
}
function chk_exists() {
if [ -e "$me_deguarded" ]; then
echo "me.bin already exists"
if echo "${DEGUARDED_ME_BIN_HASH} $me_deguarded" | sha256sum --check; then
echo "SKIPPING: SHA256 checksum for me.bin matches."
exit 0
fi
retry="y"
echo "me.bin exists but checksum doesn't match. Continuing..."
fi
}
function download_and_clean() {
me_output="$(realpath "${1}")"
# Download and unpack the Dell installer into a temporary directory and
# extract the deguardable Intel ME blob.
pushd "$(mktemp -d)" || exit
# Download the installer that contains the ME blob
me_installer_filename="Inspiron_5468_1.3.0.exe"
user_agent="Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
curl -A "$user_agent" -s -O "https://dl.dell.com/FOLDER04573471M/1/${me_installer_filename}"
chk_sha256sum "$ME_DOWNLOAD_HASH" "$me_installer_filename"
# Download the tool to unpack Dell's installer and unpack the ME blob.
git clone https://github.com/platomav/BIOSUtilities
git -C BIOSUtilities checkout ef50b75ae115ae8162fa8b0a7b8c42b1d2db894b
python "BIOSUtilities/Dell_PFS_Extract.py" "${me_installer_filename}" -e || exit
extracted_me_filename="1 Inspiron_5468_1.3.0 -- 3 Intel Management Engine (Non-VPro) Update v${ME_version}.bin"
mv "${me_installer_filename}_extracted/Firmware/${extracted_me_filename}" "${COREBOOT_DIR}/util/me_cleaner"
rm -rf ./*
popd || exit
# Neutralize and shrink Intel ME. Note that this doesn't include
# --soft-disable to set the "ME Disable" or "ME Disable B" (e.g.,
# High Assurance Program) bits, as they are defined within the Flash
# Descriptor.
# However, the HAP bit must be enabled to make the deguarded ME work. We only clean the ME in this function.
# https://github.com/corna/me_cleaner/wiki/External-flashing#neutralize-and-shrink-intel-me-useful-only-for-coreboot
pushd "${COREBOOT_DIR}/util/me_cleaner" || exit
# MFS is needed for deguard so we whitelist it here and also do not relocate the FTPR partition
python me_cleaner.py --whitelist MFS -t -O "$me_output" "$extracted_me_filename"
rm -f "$extracted_me_filename"
popd || exit
}
function deguard() {
me_input="$(realpath "${1}")"
me_output="$(realpath "${2}")"
# Download the deguard tool into a temporary directory and apply the patch to the cleaned ME blob.
pushd "$(mktemp -d)" || exit
git clone https://review.coreboot.org/deguard.git
pushd deguard || exit
git checkout 0ed3e4ff824fc42f71ee22907d0594ded38ba7b2
python ./finalimage.py \
--delta "data/delta/$ME_delta" \
--version "$ME_version" \
--pch "$ME_pch" \
--sku "$ME_sku" \
--fake-fpfs data/fpfs/zero \
--input "$me_input" \
--output "$me_output"
popd || exit
#Cleanup
rm -rf ./*
popd || exit
}
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
if [[ "${1:-}" == "--help" ]]; then
usage
else
output_dir="$(realpath "${1:-./}")"
me_cleaned="${output_dir}/me_cleaned.bin"
me_deguarded="${output_dir}/me.bin"
chk_exists
if [[ -z "${COREBOOT_DIR}" ]]; then
echo "ERROR: No COREBOOT_DIR variable defined."
exit 1
fi
if [[ ! -f "$me_deguarded" ]] || [ "$retry" = "y" ]; then
download_and_clean "$me_cleaned"
deguard "$me_cleaned" "$me_deguarded"
rm -f "$me_cleaned"
fi
chk_sha256sum "$DEGUARDED_ME_BIN_HASH" "$me_deguarded"
fi
fi

BIN
blobs/xx80/gbe.bin Normal file
View File

Binary file not shown.

3
blobs/xx80/hashes.txt Normal file
View File

@ -0,0 +1,3 @@
6b7f3912995fb87ae62956e009470b35b72b5b9a4bfd7bed48da429af9804866 gbe.bin
f2f6d5fb0a5e02964b494862032fd93f1f88e2febd9904b936083600645c7fdf ifd.bin
1990b42df67ba70292f4f6e2660efb909917452dcb9bd4b65ea2f86402cfa16b me.bin

BIN
blobs/xx80/ifd.bin Normal file
View File

Binary file not shown.

18
boards/t480-hotp-maximized/t480-hotp-maximized.config
View File

@ -1,4 +1,11 @@
# Configuration for a ThinkPad T480.
# Configuration for a T480 running Qubes 4.1 and other Linux Based OSes (through kexec)
#
# Includes
# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
# - Forged TO:DO:TO:DO:TO:DO MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh)
# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
#
# - Includes Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
export CONFIG_COREBOOT=y
export CONFIG_COREBOOT_VERSION=t480
@ -31,8 +38,8 @@ export CONFIG_FINALIZE_PLATFORM_LOCKING=y
#Remote attestation support
# TPM2 requirements
#CONFIG_TPM2_TSS=y
#CONFIG_OPENSSL=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
@ -70,6 +77,7 @@ export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
export CONFIG_BOARD_NAME="Thinkpad T480-hotp-maximized"
export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
export CONFIG_AUTO_BOOT_TIMEOUT=5
# t480 blobs requirements
BOARD_TARGETS += t480_me_blobs
#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP
BOARD_TARGETS := xx80_me_blobs

17
boards/t480-maximized/t480-maximized.config
View File

@ -1,4 +1,10 @@
# Configuration for a ThinkPad T480.
# Configuration for a T480 running Qubes 4.1 and other Linux Based OSes (through kexec)
#
# Includes
# - Deactivated+neutered ME and expanded consequent IFD BIOS regions
# - Forged TO:DO:TO:DO:TO:DO MAC address (if not extracting gbe.bin from backup with blobs/xx80/extract.sh)
# - Note that this MAC address can be modified under build/coreboot-VER/util/bincfg/gbe-82579LM.set
#
# - DOES NOT INCLUDE Nitrokey/Librem Key HOTP Security dongle remote attestation (in addition to TOTP remote attestation through Qr Code)
export CONFIG_COREBOOT=y
@ -32,8 +38,8 @@ export CONFIG_FINALIZE_PLATFORM_LOCKING=y
#Remote attestation support
# TPM2 requirements
#CONFIG_TPM2_TSS=y
#CONFIG_OPENSSL=y
CONFIG_TPM2_TSS=y
CONFIG_OPENSSL=y
CONFIG_POPT=y
CONFIG_QRENCODE=y
CONFIG_TPMTOTP=y
@ -71,6 +77,7 @@ export CONFIG_BOOT_KERNEL_ADD=""
export CONFIG_BOOT_KERNEL_REMOVE="intel_iommu=on intel_iommu=igfx_off"
export CONFIG_BOARD_NAME="Thinkpad T480-maximized"
export CONFIG_FLASH_OPTIONS="flashprog --progress --programmer internal"
export CONFIG_AUTO_BOOT_TIMEOUT=5
# t480 blobs requirements
BOARD_TARGETS += t480_me_blobs
#Include bits related to ivybridge ME blob download/neutering down to BUP+ROMP
BOARD_TARGETS := xx80_me_blobs

907
config/coreboot-t480-maximized.config Normal file
View File

@ -0,0 +1,907 @@
#
# Automatically generated file; DO NOT EDIT.
# coreboot configuration
#
#
# General setup
#
CONFIG_COREBOOT_BUILD=y
CONFIG_LOCALVERSION=""
CONFIG_CBFS_PREFIX="fallback"
CONFIG_COMPILER_GCC=y
# CONFIG_COMPILER_LLVM_CLANG is not set
CONFIG_ARCH_SUPPORTS_CLANG=y
# CONFIG_ANY_TOOLCHAIN is not set
# CONFIG_CCACHE is not set
# CONFIG_LTO is not set
# CONFIG_IWYU is not set
# CONFIG_FMD_GENPARSER is not set
# CONFIG_UTIL_GENPARSER is not set
# CONFIG_OPTION_BACKEND_NONE is not set
CONFIG_USE_OPTION_TABLE=y
CONFIG_STATIC_OPTION_TABLE=y
CONFIG_COMPRESS_RAMSTAGE_LZMA=y
# CONFIG_COMPRESS_RAMSTAGE_LZ4 is not set
CONFIG_SEPARATE_ROMSTAGE=y
CONFIG_INCLUDE_CONFIG_FILE=y
CONFIG_COLLECT_TIMESTAMPS=y
# CONFIG_TIMESTAMPS_ON_CONSOLE is not set
# CONFIG_USE_BLOBS is not set
# CONFIG_COVERAGE is not set
# CONFIG_UBSAN is not set
CONFIG_HAVE_ASAN_IN_RAMSTAGE=y
# CONFIG_ASAN is not set
# CONFIG_NO_STAGE_CACHE is not set
CONFIG_TSEG_STAGE_CACHE=y
# CONFIG_UPDATE_IMAGE is not set
CONFIG_BOOTSPLASH_IMAGE=y
CONFIG_BOOTSPLASH_FILE="@BRAND_DIR@/bootsplash.jpg"
CONFIG_BOOTSPLASH_CONVERT=y
CONFIG_BOOTSPLASH_CONVERT_QUALITY=70
# CONFIG_BOOTSPLASH_CONVERT_RESIZE is not set
# CONFIG_BOOTSPLASH_CONVERT_COLORSWAP is not set
# CONFIG_FW_CONFIG is not set
#
# Software Bill Of Materials (SBOM)
#
# CONFIG_SBOM is not set
# end of Software Bill Of Materials (SBOM)
# end of General setup
#
# Mainboard
#
#
# Important: Run 'make distclean' before switching boards
#
# CONFIG_VENDOR_51NB is not set
# CONFIG_VENDOR_ACER is not set
# CONFIG_VENDOR_AMD is not set
# CONFIG_VENDOR_AOOSTAR is not set
# CONFIG_VENDOR_AOPEN is not set
# CONFIG_VENDOR_APPLE is not set
# CONFIG_VENDOR_ARM is not set
# CONFIG_VENDOR_ASROCK is not set
# CONFIG_VENDOR_ASUS is not set
# CONFIG_VENDOR_BIOSTAR is not set
# CONFIG_VENDOR_BOSTENTECH is not set
# CONFIG_VENDOR_BYTEDANCE is not set
# CONFIG_VENDOR_CAVIUM is not set
# CONFIG_VENDOR_CLEVO is not set
# CONFIG_VENDOR_COMPULAB is not set
# CONFIG_VENDOR_CWWK is not set
# CONFIG_VENDOR_DELL is not set
# CONFIG_VENDOR_EMULATION is not set
# CONFIG_VENDOR_ERYING is not set
# CONFIG_VENDOR_EXAMPLE is not set
# CONFIG_VENDOR_FACEBOOK is not set
# CONFIG_VENDOR_FOXCONN is not set
# CONFIG_VENDOR_FRAMEWORK is not set
# CONFIG_VENDOR_GETAC is not set
# CONFIG_VENDOR_GIGABYTE is not set
# CONFIG_VENDOR_GOOGLE is not set
# CONFIG_VENDOR_HARDKERNEL is not set
# CONFIG_VENDOR_HP is not set
# CONFIG_VENDOR_IBASE is not set
# CONFIG_VENDOR_IBM is not set
# CONFIG_VENDOR_INTEL is not set
# CONFIG_VENDOR_INVENTEC is not set
# CONFIG_VENDOR_KONTRON is not set
# CONFIG_VENDOR_LATTEPANDA is not set
CONFIG_VENDOR_LENOVO=y
# CONFIG_VENDOR_LIBRETREND is not set
# CONFIG_VENDOR_MITAC_COMPUTING is not set
# CONFIG_VENDOR_MSI is not set
# CONFIG_VENDOR_OCP is not set
# CONFIG_VENDOR_OPENCELLULAR is not set
# CONFIG_VENDOR_PACKARDBELL is not set
# CONFIG_VENDOR_PCENGINES is not set
# CONFIG_VENDOR_PINE64 is not set
# CONFIG_VENDOR_PORTWELL is not set
# CONFIG_VENDOR_PRODRIVE is not set
# CONFIG_VENDOR_PROTECTLI is not set
# CONFIG_VENDOR_PURISM is not set
# CONFIG_VENDOR_RAPTOR_CS is not set
# CONFIG_VENDOR_RAZER is not set
# CONFIG_VENDOR_RODA is not set
# CONFIG_VENDOR_SAMSUNG is not set
# CONFIG_VENDOR_SAPPHIRE is not set
# CONFIG_VENDOR_SIEMENS is not set
# CONFIG_VENDOR_SIFIVE is not set
# CONFIG_VENDOR_STARLABS is not set
# CONFIG_VENDOR_SUPERMICRO is not set
# CONFIG_VENDOR_SYSTEM76 is not set
# CONFIG_VENDOR_TI is not set
# CONFIG_VENDOR_TOPTON is not set
# CONFIG_VENDOR_UP is not set
# CONFIG_VENDOR_VIA is not set
CONFIG_BOARD_SPECIFIC_OPTIONS=y
CONFIG_MAINBOARD_FAMILY="T480"
CONFIG_MAINBOARD_PART_NUMBER="T480"
CONFIG_MAINBOARD_VERSION="1.0"
CONFIG_MAINBOARD_DIR="lenovo/sklkbl_thinkpad"
CONFIG_VGA_BIOS_ID="8086,0406"
CONFIG_DIMM_MAX=2
CONFIG_DIMM_SPD_SIZE=512
CONFIG_FMDFILE=""
CONFIG_NO_POST=y
CONFIG_MAINBOARD_VENDOR="LENOVO"
CONFIG_CBFS_SIZE=0xEEC000
# CONFIG_CONSOLE_SERIAL is not set
CONFIG_LINEAR_FRAMEBUFFER_MAX_HEIGHT=1600
CONFIG_LINEAR_FRAMEBUFFER_MAX_WIDTH=2560
CONFIG_MAINBOARD_SUPPORTS_KABYLAKE_DUAL=y
CONFIG_MAINBOARD_SUPPORTS_KABYLAKE_QUAD=y
CONFIG_MAX_CPUS=8
CONFIG_ONBOARD_VGA_IS_PRIMARY=y
CONFIG_UART_FOR_CONSOLE=0
CONFIG_VARIANT_DIR="t480"
CONFIG_OVERRIDE_DEVICETREE="variants/$(CONFIG_VARIANT_DIR)/overridetree.cb"
CONFIG_DEVICETREE="devicetree.cb"
# CONFIG_VBOOT is not set
# CONFIG_VGA_BIOS is not set
CONFIG_PCIEXP_ASPM=y
CONFIG_PCIEXP_L1_SUB_STATE=y
CONFIG_PCIEXP_CLK_PM=y
CONFIG_MAINBOARD_SMBIOS_MANUFACTURER="LENOVO"
CONFIG_ECAM_MMCONF_BASE_ADDRESS=0xe0000000
CONFIG_ECAM_MMCONF_BUS_NUMBER=256
CONFIG_MEMLAYOUT_LD_FILE="src/arch/x86/memlayout.ld"
# CONFIG_FATAL_ASSERTS is not set
CONFIG_INTEL_GMA_VBT_FILE="src/mainboard/$(MAINBOARDDIR)/variants/$(VARIANT_DIR)/data.vbt"
# CONFIG_DISABLE_HECI1_AT_PRE_BOOT is not set
CONFIG_PRERAM_CBMEM_CONSOLE_SIZE=0xc00
CONFIG_MAINBOARD_SMBIOS_PRODUCT_NAME="T480"
# CONFIG_CONSOLE_POST is not set
CONFIG_MAX_SOCKET=1
CONFIG_BOOT_DEVICE_SPI_FLASH_BUS=0
CONFIG_TPM_PIRQ=0x0
CONFIG_USE_PM_ACPI_TIMER=y
CONFIG_DCACHE_RAM_BASE=0xfef00000
CONFIG_DCACHE_RAM_SIZE=0x40000
CONFIG_C_ENV_BOOTBLOCK_SIZE=0x40000
CONFIG_DCACHE_BSP_STACK_SIZE=0x4000
CONFIG_MAX_ACPI_TABLE_SIZE_KB=144
CONFIG_HAVE_INTEL_FIRMWARE=y
CONFIG_USE_LEGACY_8254_TIMER=y
CONFIG_MRC_SETTINGS_CACHE_SIZE=0x10000
CONFIG_SPI_FLASH_INCLUDE_ALL_DRIVERS=y
CONFIG_SPI_FLASH_WINBOND=y
# CONFIG_DRIVERS_INTEL_WIFI is not set
CONFIG_IFD_BIN_PATH="@BLOB_DIR@/xx80/ifd.bin"
CONFIG_ME_BIN_PATH="@BLOB_DIR@/xx80/me.bin"
CONFIG_GBE_BIN_PATH="@BLOB_DIR@/xx80/gbe.bin"
CONFIG_MAINBOARD_SUPPORTS_SKYLAKE_CPU=y
CONFIG_CONSOLE_CBMEM_BUFFER_SIZE=0x20000
CONFIG_CARDBUS_PLUGIN_SUPPORT=y
CONFIG_SPI_FLASH_GIGADEVICE=y
CONFIG_SPI_FLASH_STMICRO=y
# CONFIG_DEBUG_SMI is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_ENABLE is not set
CONFIG_HAVE_IFD_BIN=y
# CONFIG_BOARD_LENOVO_THINKPAD_T440P is not set
# CONFIG_BOARD_LENOVO_THINKPAD_W541 is not set
# CONFIG_BOARD_LENOVO_L520 is not set
# CONFIG_BOARD_LENOVO_THINKCENTRE_M900_TINY is not set
# CONFIG_BOARD_LENOVO_M920Q is not set
# CONFIG_BOARD_LENOVO_S230U is not set
CONFIG_BOARD_LENOVO_T480=y
# CONFIG_BOARD_LENOVO_T480S is not set
# CONFIG_BOARD_LENOVO_T400 is not set
# CONFIG_BOARD_LENOVO_T500 is not set
# CONFIG_BOARD_LENOVO_R400 is not set
# CONFIG_BOARD_LENOVO_R500 is not set
# CONFIG_BOARD_LENOVO_W500 is not set
# CONFIG_BOARD_LENOVO_T410 is not set
# CONFIG_BOARD_LENOVO_T420 is not set
# CONFIG_BOARD_LENOVO_T420S is not set
# CONFIG_BOARD_LENOVO_THINKPAD_T430 is not set
# CONFIG_BOARD_LENOVO_T430S is not set
# CONFIG_BOARD_LENOVO_T431S is not set
# CONFIG_BOARD_LENOVO_T520 is not set
# CONFIG_BOARD_LENOVO_W520 is not set
# CONFIG_BOARD_LENOVO_T530 is not set
# CONFIG_BOARD_LENOVO_W530 is not set
# CONFIG_BOARD_LENOVO_T60 is not set
# CONFIG_BOARD_LENOVO_Z61T is not set
# CONFIG_BOARD_LENOVO_R60 is not set
# CONFIG_BOARD_LENOVO_THINKCENTRE_A58 is not set
# CONFIG_BOARD_LENOVO_THINKCENTRE_M710S is not set
# CONFIG_BOARD_LENOVO_X131E is not set
# CONFIG_BOARD_LENOVO_X1_CARBON_GEN1 is not set
# CONFIG_BOARD_LENOVO_X200 is not set
# CONFIG_BOARD_LENOVO_X301 is not set
# CONFIG_BOARD_LENOVO_X201 is not set
# CONFIG_BOARD_LENOVO_X220 is not set
# CONFIG_BOARD_LENOVO_X220I is not set
# CONFIG_BOARD_LENOVO_X1 is not set
# CONFIG_BOARD_LENOVO_X230 is not set
# CONFIG_BOARD_LENOVO_X230T is not set
# CONFIG_BOARD_LENOVO_X230S is not set
# CONFIG_BOARD_LENOVO_X230_EDP is not set
# CONFIG_BOARD_LENOVO_X60 is not set
CONFIG_PS2K_EISAID="PNP0303"
CONFIG_PS2M_EISAID="PNP0F13"
CONFIG_THINKPADEC_HKEY_EISAID="IBM0068"
CONFIG_GFX_GMA_PANEL_1_PORT="eDP"
CONFIG_BOARD_LENOVO_SKLKBL_THINKPAD_COMMON=y
# CONFIG_LENOVO_TBFW_BIN= is not set
CONFIG_TTYS0_BAUD=115200
# CONFIG_SOC_INTEL_CSE_SEND_EOP_EARLY is not set
CONFIG_POWER_STATE_DEFAULT_ON_AFTER_FAILURE=y
CONFIG_D3COLD_SUPPORT=y
CONFIG_GFX_GMA_PANEL_1_ON_EDP=y
CONFIG_DRIVERS_UART_8250IO=y
CONFIG_PC_CMOS_BASE_PORT_BANK1=0x72
CONFIG_HEAP_SIZE=0x100000
CONFIG_EC_GPE_SCI=0x50
CONFIG_EC_STARLABS_BATTERY_MODEL="Unknown"
CONFIG_EC_STARLABS_BATTERY_TYPE="LION"
CONFIG_EC_STARLABS_BATTERY_OEM="Unknown"
CONFIG_TPM_MEASURED_BOOT=y
CONFIG_LINUX_COMMAND_LINE="quiet loglevel=2"
CONFIG_BOARD_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_256 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_512 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_1024 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_2048 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_4096 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_5120 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_6144 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_8192 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_10240 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_12288 is not set
CONFIG_COREBOOT_ROMSIZE_KB_16384=y
# CONFIG_COREBOOT_ROMSIZE_KB_24576 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_32768 is not set
# CONFIG_COREBOOT_ROMSIZE_KB_65536 is not set
CONFIG_COREBOOT_ROMSIZE_KB=16384
CONFIG_ROM_SIZE=0x01000000
CONFIG_HAVE_POWER_STATE_AFTER_FAILURE=y
CONFIG_HAVE_POWER_STATE_PREVIOUS_AFTER_FAILURE=y
CONFIG_POWER_STATE_OFF_AFTER_FAILURE=y
# CONFIG_POWER_STATE_ON_AFTER_FAILURE is not set
# CONFIG_POWER_STATE_PREVIOUS_AFTER_FAILURE is not set
CONFIG_MAINBOARD_POWER_FAILURE_STATE=0
# end of Mainboard
CONFIG_SYSTEM_TYPE_LAPTOP=y
#
# Chipset
#
#
# SoC
#
CONFIG_CHIPSET_DEVICETREE="soc/intel/skylake/chipset.cb"
CONFIG_FSP_M_FILE="@BLOB_DIR@/kabylake/Fsp_M.fd"
CONFIG_FSP_S_FILE="@BLOB_DIR@/kabylake/Fsp_S.fd"
CONFIG_CBFS_MCACHE_SIZE=0x4000
CONFIG_ROMSTAGE_ADDR=0x2000000
CONFIG_VERSTAGE_ADDR=0x2000000
CONFIG_SMM_TSEG_SIZE=0x800000
CONFIG_SMM_RESERVED_SIZE=0x200000
CONFIG_SMM_MODULE_STACK_SIZE=0x800
CONFIG_ACPI_BERT_SIZE=0x0
CONFIG_DRIVERS_I2C_DESIGNWARE_CLOCK_MHZ=120
CONFIG_PRERAM_CBFS_CACHE_SIZE=0x4000
CONFIG_DOMAIN_RESOURCE_32BIT_LIMIT=0xe0000000
CONFIG_ACPI_CPU_STRING="CP%02X"
CONFIG_STACK_SIZE=0x2000
CONFIG_IFD_CHIPSET="sklkbl"
CONFIG_IED_REGION_SIZE=0x400000
CONFIG_MAX_ROOT_PORTS=24
CONFIG_PCR_BASE_ADDRESS=0xfd000000
CONFIG_CPU_BCLK_MHZ=100
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_CLOCK_MHZ=120
CONFIG_CPU_XTAL_HZ=24000000
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI_MAX=2
CONFIG_SOC_INTEL_I2C_DEV_MAX=6
# CONFIG_ENABLE_SATA_TEST_MODE is not set
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_M_VAL=0x30
CONFIG_SOC_INTEL_COMMON_LPSS_UART_CLK_N_VAL=0xc35
CONFIG_FSP_HEADER_PATH="3rdparty/fsp/KabylakeFspBinPkg/Include/"
CONFIG_FSP_FD_PATH="3rdparty/fsp/KabylakeFspBinPkg/Fsp.fd"
CONFIG_SOC_INTEL_COMMON_DEBUG_CONSENT=0
CONFIG_INTEL_GMA_BCLV_OFFSET=0xc8254
CONFIG_INTEL_GMA_BCLV_WIDTH=16
CONFIG_INTEL_GMA_BCLM_OFFSET=0xc8256
CONFIG_INTEL_GMA_BCLM_WIDTH=16
CONFIG_FSP_PUBLISH_MBP_HOB=y
CONFIG_FSP_STATUS_GLOBAL_RESET=0x40000003
CONFIG_MAX_HECI_DEVICES=5
CONFIG_BOOTBLOCK_IN_CBFS=y
CONFIG_HAVE_PAM0_REGISTER=y
CONFIG_PCIEXP_COMMON_CLOCK=y
CONFIG_INTEL_TXT_BIOSACM_ALIGNMENT=0x40000
CONFIG_CPU_INTEL_NUM_FIT_ENTRIES=10
CONFIG_SOC_INTEL_GFX_FRAMEBUFFER_OFFSET=0x0
CONFIG_PCIE_LTR_MAX_SNOOP_LATENCY=0x1003
CONFIG_PCIE_LTR_MAX_NO_SNOOP_LATENCY=0x1003
CONFIG_SOC_PHYSICAL_ADDRESS_WIDTH=0
CONFIG_SOC_INTEL_COMMON_SKYLAKE_BASE=y
CONFIG_SOC_INTEL_KABYLAKE=y
CONFIG_FSP_T_LOCATION=0xfffe0000
CONFIG_SOC_INTEL_COMMON_BLOCK_P2SB=y
CONFIG_FIXED_SMBUS_IO_BASE=0xefa0
CONFIG_CBFS_CACHE_ALIGN=8
CONFIG_SOC_INTEL_COMMON=y
#
# Intel SoC Common Code for IP blocks
#
CONFIG_SOC_INTEL_COMMON_BLOCK=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_GPIO=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_LPIT=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_PEP=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ACPI_CPPC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_CHIP_CONFIG=y
CONFIG_SOC_INTEL_COMMON_BLOCK_CPU=y
CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_MPINIT=y
CONFIG_USE_FSP_FEATURE_PROGRAM_ON_APS=y
# CONFIG_USE_COREBOOT_MP_INIT is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_CPU_SMMRELOCATE=y
CONFIG_SOC_INTEL_COMMON_BLOCK_CAR=y
CONFIG_INTEL_CAR_NEM_ENHANCED=y
# CONFIG_USE_INTEL_FSP_MP_INIT is not set
CONFIG_CPU_SUPPORTS_PM_TIMER_EMULATION=y
CONFIG_HAVE_HYPERTHREADING=y
# CONFIG_FSP_HYPERTHREADING is not set
# CONFIG_INTEL_KEYLOCKER is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_MAX is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_256MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_128MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_64MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_32MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_16MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_8MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_4MB is not set
# CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_2MB is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_PRMRR_SIZE_0MB=y
CONFIG_SOC_INTEL_COMMON_BLOCK_CSE=y
CONFIG_SOC_INTEL_COMMON_BLOCK_HECI1_DISABLE_USING_PCR=y
CONFIG_SOC_INTEL_CSE_FMAP_NAME="SI_ME"
CONFIG_SOC_INTEL_CSE_RW_A_FMAP_NAME="ME_RW_A"
CONFIG_SOC_INTEL_CSE_RW_B_FMAP_NAME="ME_RW_B"
CONFIG_SOC_INTEL_CSE_RW_CBFS_NAME="me_rw"
CONFIG_SOC_INTEL_CSE_RW_HASH_CBFS_NAME="me_rw.hash"
CONFIG_SOC_INTEL_CSE_RW_VERSION_CBFS_NAME="me_rw.version"
CONFIG_SOC_INTEL_CSE_RW_FILE=""
CONFIG_SOC_INTEL_CSE_RW_VERSION=""
CONFIG_SOC_INTEL_CSE_IOM_CBFS_NAME="cse_iom"
CONFIG_SOC_INTEL_CSE_IOM_CBFS_FILE=""
CONFIG_SOC_INTEL_CSE_NPHY_CBFS_NAME="cse_nphy"
CONFIG_SOC_INTEL_CSE_NPHY_CBFS_FILE=""
CONFIG_SOC_INTEL_COMMON_BLOCK_DSP=y
CONFIG_SOC_INTEL_COMMON_BLOCK_FAST_SPI=y
CONFIG_FAST_SPI_DISABLE_WRITE_STATUS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_ITSS_POL_CFG=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_PADCFG_PADTOL=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GPIO_DUAL_ROUTE_SUPPORT=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GPMR=y
CONFIG_SOC_INTEL_COMMON_BLOCK_GRAPHICS=y
CONFIG_SOC_INTEL_GFX_HAVE_DDI_A_BIFURCATION=y
# CONFIG_SOC_INTEL_DISABLE_IGD is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_GSPI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_HDA=y
CONFIG_SOC_INTEL_COMMON_BLOCK_HDA_VERB=y
CONFIG_SOC_INTEL_COMMON_BLOCK_I2C=y
CONFIG_SOC_INTEL_COMMON_BLOCK_ITSS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_LPC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_LPC_MIRROR_TO_GPMR=y
CONFIG_SOC_INTEL_COMMON_BLOCK_LPSS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_BASE_P2SB=y
CONFIG_SOC_INTEL_COMMON_BLOCK_PCIE=y
CONFIG_SOC_INTEL_COMMON_BLOCK_PCR=y
CONFIG_SOC_INTEL_COMMON_BLOCK_PMC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_PMC_DISCOVERABLE=y
CONFIG_PMC_GLOBAL_RESET_ENABLE_LOCK=y
CONFIG_SOC_INTEL_COMMON_BLOCK_POWER_LIMIT=y
CONFIG_SOC_INTEL_COMMON_BLOCK_RTC=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SATA=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SCS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SGX=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SGX_LOCK_MEMORY=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMBUS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_TCO=y
CONFIG_SOC_INTEL_COMMON_BLOCK_TCO_ENABLE_THROUGH_SMBUS=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_IO_TRAP=y
# CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_TCO_ENABLE is not set
CONFIG_SOC_INTEL_COMMON_BLOCK_SMM_S5_DELAY_MS=0
CONFIG_SOC_INTEL_COMMON_BLOCK_SPI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_SA=y
CONFIG_SA_ENABLE_DPR=y
CONFIG_HAVE_CAPID_A_REGISTER=y
CONFIG_HAVE_BDSM_BGSM_REGISTER=y
CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL=y
CONFIG_SOC_INTEL_COMMON_BLOCK_THERMAL_PCI_DEV=y
CONFIG_SOC_INTEL_COMMON_BLOCK_TIMER=y
CONFIG_SOC_INTEL_COMMON_BLOCK_UART=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XDCI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI=y
CONFIG_SOC_INTEL_COMMON_BLOCK_XHCI_ELOG=y
#
# Intel SoC Common PCH Code
#
CONFIG_SOC_INTEL_COMMON_PCH_CLIENT=y
CONFIG_SOC_INTEL_COMMON_PCH_BASE=y
CONFIG_SOC_INTEL_COMMON_PCH_LOCKDOWN=y
CONFIG_PCH_SPECIFIC_BASE_OPTIONS=y
CONFIG_PCH_SPECIFIC_DISCRETE_OPTIONS=y
CONFIG_PCH_SPECIFIC_CLIENT_OPTIONS=y
#
# Intel SoC Common coreboot stages and non-IP blocks
#
CONFIG_SOC_INTEL_COMMON_BASECODE=y
CONFIG_SOC_INTEL_COMMON_RESET=y
CONFIG_SOC_INTEL_COMMON_ACPI_WAKE_SOURCE=y
CONFIG_PAVP=y
# CONFIG_MMA is not set
CONFIG_SOC_INTEL_COMMON_NHLT=y
# CONFIG_SOC_INTEL_DEBUG_CONSENT is not set
#
# CPU
#
CONFIG_CPU_INTEL_FIRMWARE_INTERFACE_TABLE=y
CONFIG_CPU_INTEL_COMMON=y
CONFIG_ENABLE_VMX=y
CONFIG_SET_IA32_FC_LOCK_BIT=y
CONFIG_SET_MSR_AESNI_LOCK_BIT=y
CONFIG_CPU_INTEL_COMMON_SMM=y
CONFIG_PARALLEL_MP=y
CONFIG_PARALLEL_MP_AP_WORK=y
CONFIG_XAPIC_ONLY=y
# CONFIG_X2APIC_ONLY is not set
# CONFIG_X2APIC_RUNTIME is not set
# CONFIG_X2APIC_LATE_WORKAROUND is not set
CONFIG_UDELAY_TSC=y
CONFIG_TSC_MONOTONIC_TIMER=y
CONFIG_TSC_SYNC_MFENCE=y
CONFIG_HAVE_SMI_HANDLER=y
CONFIG_SMM_TSEG=y
CONFIG_SMM_PCI_RESOURCE_STORE_NUM_SLOTS=8
CONFIG_AP_STACK_SIZE=0x800
CONFIG_SMP=y
CONFIG_SSE=y
CONFIG_SSE2=y
CONFIG_SUPPORT_CPU_UCODE_IN_CBFS=y
CONFIG_USE_CPU_MICROCODE_CBFS_BINS=y
CONFIG_CPU_MICROCODE_CBFS_DEFAULT_BINS=y
# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_BINS is not set
# CONFIG_CPU_MICROCODE_CBFS_EXTERNAL_HEADER is not set
# CONFIG_CPU_MICROCODE_CBFS_NONE is not set
#
# Northbridge
#
#
# Southbridge
#
# CONFIG_PCIEXP_HOTPLUG is not set
CONFIG_INTEL_DESCRIPTOR_MODE_REQUIRED=y
CONFIG_SOUTHBRIDGE_INTEL_COMMON_SMBUS=y
CONFIG_INTEL_DESCRIPTOR_MODE_CAPABLE=y
# CONFIG_VALIDATE_INTEL_DESCRIPTOR is not set
CONFIG_FIXED_RCBA_MMIO_BASE=0xfed1c000
CONFIG_RCBA_LENGTH=0x4000
#
# Super I/O
#
#
# Embedded Controllers
#
CONFIG_EC_ACPI=y
CONFIG_EC_LENOVO_H8=y
CONFIG_H8_BEEP_ON_DEATH=y
CONFIG_H8_FLASH_LEDS_ON_DEATH=y
# CONFIG_H8_SUPPORT_BT_ON_WIFI is not set
# CONFIG_H8_FN_CTRL_SWAP is not set
CONFIG_H8_HAS_BAT_THRESHOLDS_IMPL=y
CONFIG_H8_HAS_PRIMARY_FN_KEYS=y
CONFIG_H8_HAS_LEDLOGO=y
CONFIG_EC_LENOVO_PMH7=y
#
# Intel Firmware
#
CONFIG_HAVE_ME_BIN=y
# CONFIG_STITCH_ME_BIN is not set
# CONFIG_CHECK_ME is not set
# CONFIG_ME_REGION_ALLOW_CPU_READ_ACCESS is not set
# CONFIG_USE_ME_CLEANER is not set
CONFIG_MAINBOARD_USES_IFD_GBE_REGION=y
CONFIG_HAVE_GBE_BIN=y
# CONFIG_DO_NOT_TOUCH_DESCRIPTOR_REGION is not set
# CONFIG_LOCK_MANAGEMENT_ENGINE is not set
CONFIG_UNLOCK_FLASH_REGIONS=y
CONFIG_ACPI_FNKEY_GEN_SCANCODE=0
CONFIG_UDK_BASE=y
CONFIG_UDK_2017_BINDING=y
CONFIG_UDK_2013_VERSION=2013
CONFIG_UDK_2017_VERSION=2017
CONFIG_UDK_202005_VERSION=202005
CONFIG_UDK_202111_VERSION=202111
CONFIG_UDK_202302_VERSION=202302
CONFIG_UDK_202305_VERSION=202305
CONFIG_UDK_VERSION=2017
CONFIG_ARCH_X86=y
CONFIG_ARCH_BOOTBLOCK_X86_32=y
CONFIG_ARCH_VERSTAGE_X86_32=y
CONFIG_ARCH_ROMSTAGE_X86_32=y
CONFIG_ARCH_POSTCAR_X86_32=y
CONFIG_ARCH_RAMSTAGE_X86_32=y
CONFIG_ARCH_ALL_STAGES_X86_32=y
CONFIG_RESERVED_PHYSICAL_ADDRESS_BITS_SUPPORT=y
CONFIG_X86_TOP4G_BOOTMEDIA_MAP=y
CONFIG_POSTRAM_CBFS_CACHE_IN_BSS=y
CONFIG_RAMSTAGE_CBFS_CACHE_SIZE=0x4000
CONFIG_PC80_SYSTEM=y
CONFIG_POSTCAR_STAGE=y
CONFIG_BOOTBLOCK_SIMPLE=y
# CONFIG_BOOTBLOCK_NORMAL is not set
CONFIG_COLLECT_TIMESTAMPS_TSC=y
CONFIG_HAVE_CF9_RESET=y
CONFIG_DEBUG_HW_BREAKPOINTS=y
CONFIG_DEBUG_NULL_DEREF_BREAKPOINTS=y
# CONFIG_DUMP_SMBIOS_TYPE17 is not set
CONFIG_X86_BOOTBLOCK_EXTRA_PROGRAM_SZ=0
CONFIG_DEFAULT_EBDA_LOWMEM=0x100000
CONFIG_DEFAULT_EBDA_SEGMENT=0xF600
CONFIG_DEFAULT_EBDA_SIZE=0x400
# end of Chipset
#
# Devices
#
CONFIG_HAVE_VGA_TEXT_FRAMEBUFFER=y
CONFIG_HAVE_LINEAR_FRAMEBUFFER=y
CONFIG_HAVE_FSP_GOP=y
CONFIG_MAINBOARD_HAS_LIBGFXINIT=y
CONFIG_MAINBOARD_USE_LIBGFXINIT=y
# CONFIG_VGA_ROM_RUN is not set
# CONFIG_RUN_FSP_GOP is not set
# CONFIG_NO_GFX_INIT is not set
CONFIG_NO_EARLY_GFX_INIT=y
#
# Display
#
# CONFIG_VGA_TEXT_FRAMEBUFFER is not set
CONFIG_GENERIC_LINEAR_FRAMEBUFFER=y
CONFIG_LINEAR_FRAMEBUFFER=y
CONFIG_BOOTSPLASH=y
CONFIG_DEFAULT_SCREEN_ROTATION_NONE=y
# CONFIG_DEFAULT_SCREEN_ROTATION_90 is not set
# CONFIG_DEFAULT_SCREEN_ROTATION_180 is not set
# CONFIG_DEFAULT_SCREEN_ROTATION_270 is not set
CONFIG_DEFAULT_SCREEN_ROTATION_INT=0
# end of Display
CONFIG_PCI=y
CONFIG_ECAM_MMCONF_SUPPORT=y
CONFIG_PCIX_PLUGIN_SUPPORT=y
CONFIG_AZALIA_HDA_CODEC_SUPPORT=y
CONFIG_PCIEXP_PLUGIN_SUPPORT=y
CONFIG_ECAM_MMCONF_LENGTH=0x10000000
CONFIG_PCI_ALLOW_BUS_MASTER=y
CONFIG_PCI_SET_BUS_MASTER_PCI_BRIDGES=y
CONFIG_PCI_ALLOW_BUS_MASTER_ANY_DEVICE=y
# CONFIG_PCIEXP_SUPPORT_RESIZABLE_BARS is not set
# CONFIG_PCIEXP_LANE_ERR_STAT_CLEAR is not set
# CONFIG_EARLY_PCI_BRIDGE is not set
CONFIG_SUBSYSTEM_VENDOR_ID=0x0000
CONFIG_SUBSYSTEM_DEVICE_ID=0x0000
CONFIG_INTEL_GMA_HAVE_VBT=y
CONFIG_INTEL_GMA_ADD_VBT=y
# CONFIG_SOFTWARE_I2C is not set
CONFIG_I2C_TRANSFER_TIMEOUT_US=500000
CONFIG_RESOURCE_ALLOCATION_TOP_DOWN=y
# end of Devices
#
# Generic Drivers
#
CONFIG_CRB_TPM_BASE_ADDRESS=0xfed40000
# CONFIG_DRIVERS_EFI_VARIABLE_STORE is not set
# CONFIG_DRIVERS_EFI_FW_INFO is not set
# CONFIG_ELOG is not set
CONFIG_CACHE_MRC_SETTINGS=y
CONFIG_MRC_SETTINGS_PROTECT=y
# CONFIG_DRIVERS_OPTION_CFR is not set
# CONFIG_SMMSTORE is not set
CONFIG_SPI_FLASH=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP=y
CONFIG_BOOT_DEVICE_SPI_FLASH_RW_NOMMAP_EARLY=y
# CONFIG_SPI_FLASH_NO_FAST_READ is not set
CONFIG_DRIVERS_UART=y
CONFIG_SPI_FLASH_ADESTO=y
CONFIG_SPI_FLASH_AMIC=y
CONFIG_SPI_FLASH_ATMEL=y
CONFIG_SPI_FLASH_EON=y
CONFIG_SPI_FLASH_MACRONIX=y
CONFIG_SPI_FLASH_SPANSION=y
CONFIG_SPI_FLASH_SST=y
CONFIG_SPI_FLASH_ISSI=y
CONFIG_TPM_INIT_RAMSTAGE=y
# CONFIG_TPM_PPI is not set
CONFIG_NO_UART_ON_SUPERIO=y
# CONFIG_DRIVERS_UART_OXPCIE is not set
# CONFIG_VPD is not set
# CONFIG_DRIVERS_GENERIC_CBFS_SERIAL is not set
# CONFIG_DRIVERS_GENERIC_CBFS_UUID is not set
# CONFIG_DRIVERS_GENESYSLOGIC_GL9750 is not set
# CONFIG_DRIVERS_GENESYSLOGIC_GL9755 is not set
# CONFIG_DRIVERS_GENESYSLOGIC_GL9763E is not set
CONFIG_DRIVERS_I2C_DESIGNWARE=y
# CONFIG_DRIVERS_I2C_MAX98396 is not set
CONFIG_FSP_USE_REPO=y
# CONFIG_DISPLAY_HOBS is not set
# CONFIG_DISPLAY_UPD_DATA is not set
# CONFIG_BMP_LOGO is not set
CONFIG_PLATFORM_USES_FSP2_0=y
CONFIG_PLATFORM_USES_FSP2_X86_32=y
CONFIG_HAVE_INTEL_FSP_REPO=y
CONFIG_ADD_FSP_BINARIES=y
CONFIG_FSP_S_CBFS="fsps.bin"
CONFIG_FSP_M_CBFS="fspm.bin"
CONFIG_FSP_FULL_FD=y
CONFIG_FSP_T_RESERVED_SIZE=0x0
CONFIG_FSP_M_XIP=y
CONFIG_HAVE_FSP_LOGO_SUPPORT=y
CONFIG_SOC_INTEL_COMMON_FSP_RESET=y
CONFIG_USE_FSP_NOTIFY_PHASE_POST_PCI_ENUM=y
CONFIG_USE_FSP_NOTIFY_PHASE_READY_TO_BOOT=y
CONFIG_USE_FSP_NOTIFY_PHASE_END_OF_FIRMWARE=y
# CONFIG_DISPLAY_FSP_TIMESTAMPS is not set
# CONFIG_BUILDING_WITH_DEBUG_FSP is not set
CONFIG_INTEL_INT15=y
CONFIG_INTEL_GMA_ACPI=y
CONFIG_VBT_CBFS_COMPRESSION_LZMA=y
# CONFIG_VBT_CBFS_COMPRESSION_LZ4 is not set
# CONFIG_VBT_CBFS_COMPRESSION_NONE is not set
CONFIG_VBT_CBFS_COMPRESSION_ALGORITHM="lzma"
CONFIG_GFX_GMA=y
CONFIG_GFX_GMA_DYN_CPU=y
CONFIG_GFX_GMA_GENERATION="Skylake"
CONFIG_GFX_GMA_PCH="Sunrise_Point"
CONFIG_GFX_GMA_PANEL_2_PORT="Disabled"
CONFIG_GFX_GMA_ANALOG_I2C_PORT="PCH_DAC"
# CONFIG_DRIVERS_NXP_UWB_SR1XX is not set
# CONFIG_DRIVERS_PS2_KEYBOARD is not set
CONFIG_DRIVERS_MC146818=y
CONFIG_USE_PC_CMOS_ALTCENTURY=y
CONFIG_PC_CMOS_BASE_PORT_BANK0=0x70
CONFIG_MEMORY_MAPPED_TPM=y
CONFIG_TPM_TIS_BASE_ADDRESS=0xfed40000
CONFIG_DRIVERS_RICOH_RCE822=y
# CONFIG_DRIVERS_SIL_3114 is not set
CONFIG_DRIVERS_USB_ACPI=y
# CONFIG_DRIVERS_MTK_WIFI is not set
# end of Generic Drivers
#
# Security
#
#
# CBFS verification
#
# CONFIG_CBFS_VERIFICATION is not set
# end of CBFS verification
#
# Verified Boot (vboot)
#
CONFIG_VBOOT_LIB=y
# end of Verified Boot (vboot)
#
# Trusted Platform Module
#
# CONFIG_NO_TPM is not set
CONFIG_TPM1=y
CONFIG_TPM=y
CONFIG_MAINBOARD_HAS_TPM1=y
# CONFIG_TPM_DEACTIVATE is not set
# CONFIG_DEBUG_TPM is not set
# CONFIG_TPM_RDRESP_NEED_DELAY is not set
# CONFIG_TPM_LOG_CB is not set
CONFIG_TPM_LOG_TPM1=y
CONFIG_TPM_MEASURED_BOOT_RUNTIME_DATA=""
CONFIG_PCR_BOOT_MODE=1
CONFIG_PCR_HWID=1
CONFIG_PCR_SRTM=2
CONFIG_PCR_FW_VER=10
CONFIG_PCR_RUNTIME_DATA=3
# end of Trusted Platform Module
#
# Memory initialization
#
CONFIG_PLATFORM_HAS_DRAM_CLEAR=y
# CONFIG_SECURITY_CLEAR_DRAM_ON_REGULAR_BOOT is not set
# end of Memory initialization
# CONFIG_STM is not set
# CONFIG_BOOTMEDIA_LOCK_NONE is not set
CONFIG_BOOTMEDIA_LOCK_CONTROLLER=y
# CONFIG_BOOTMEDIA_LOCK_CHIP is not set
CONFIG_BOOTMEDIA_LOCK_WHOLE_RO=y
# CONFIG_BOOTMEDIA_LOCK_WHOLE_NO_ACCESS is not set
# CONFIG_BOOTMEDIA_SMM_BWP is not set
# end of Security
CONFIG_ACPI_HAVE_PCAT_8259=y
CONFIG_ACPI_INTEL_HARDWARE_SLEEP_VALUES=y
CONFIG_ACPI_SOC_NVS=y
CONFIG_ACPI_CUSTOM_MADT=y
CONFIG_ACPI_NO_CUSTOM_MADT=y
CONFIG_ACPI_COMMON_MADT_LAPIC=y
CONFIG_ACPI_COMMON_MADT_IOAPIC=y
CONFIG_HAVE_ACPI_TABLES=y
CONFIG_ACPI_LPIT=y
CONFIG_BOOT_DEVICE_SPI_FLASH=y
CONFIG_BOOT_DEVICE_MEMORY_MAPPED=y
CONFIG_BOOT_DEVICE_SUPPORTS_WRITES=y
CONFIG_RTC=y
#
# Console
#
CONFIG_BOOTBLOCK_CONSOLE=y
CONFIG_POSTCAR_CONSOLE=y
CONFIG_SQUELCH_EARLY_SMP=y
#
# I/O mapped, 8250-compatible
#
CONFIG_TTYS0_BASE=0x3f8
#
# Serial port base address = 0x3f8
#
# CONFIG_CONSOLE_SERIAL_921600 is not set
# CONFIG_CONSOLE_SERIAL_460800 is not set
# CONFIG_CONSOLE_SERIAL_230400 is not set
CONFIG_CONSOLE_SERIAL_115200=y
# CONFIG_CONSOLE_SERIAL_57600 is not set
# CONFIG_CONSOLE_SERIAL_38400 is not set
# CONFIG_CONSOLE_SERIAL_19200 is not set
# CONFIG_CONSOLE_SERIAL_9600 is not set
CONFIG_TTYS0_LCS=3
# CONFIG_SPKMODEM is not set
# CONFIG_CONSOLE_NE2K is not set
CONFIG_CONSOLE_CBMEM=y
# CONFIG_CONSOLE_SPI_FLASH is not set
# CONFIG_CONSOLE_I2C_SMBUS is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_8 is not set
CONFIG_DEFAULT_CONSOLE_LOGLEVEL_7=y
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_6 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_5 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_4 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_3 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_2 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_1 is not set
# CONFIG_DEFAULT_CONSOLE_LOGLEVEL_0 is not set
CONFIG_DEFAULT_CONSOLE_LOGLEVEL=7
CONFIG_CONSOLE_USE_LOGLEVEL_PREFIX=y
CONFIG_CONSOLE_USE_ANSI_ESCAPES=y
# CONFIG_CMOS_POST is not set
CONFIG_POST_DEVICE_NONE=y
# CONFIG_POST_DEVICE_LPC is not set
# CONFIG_POST_DEVICE_PCI_PCIE is not set
CONFIG_POST_IO_PORT=0x80
CONFIG_HWBASE_DEBUG_CB=y
# end of Console
CONFIG_ACPI_S1_NOT_SUPPORTED=y
CONFIG_HAVE_ACPI_RESUME=y
CONFIG_RESUME_PATH_SAME_AS_BOOT=y
CONFIG_HAVE_MONOTONIC_TIMER=y
CONFIG_IOAPIC=y
CONFIG_ACPI_NHLT=y
CONFIG_USE_WATCHDOG_ON_BOOT=y
#
# System tables
#
CONFIG_GENERATE_SMBIOS_TABLES=y
CONFIG_SMBIOS_PROVIDED_BY_MOBO=y
CONFIG_BIOS_VENDOR="coreboot"
CONFIG_MAINBOARD_SERIAL_NUMBER="123456789"
# end of System tables
#
# Payload
#
# CONFIG_PAYLOAD_NONE is not set
# CONFIG_PAYLOAD_ELF is not set
# CONFIG_PAYLOAD_BOOTBOOT is not set
# CONFIG_PAYLOAD_FILO is not set
# CONFIG_PAYLOAD_GRUB2 is not set
# CONFIG_PAYLOAD_SEAGRUB is not set
# CONFIG_PAYLOAD_LINUXBOOT is not set
# CONFIG_PAYLOAD_SEABIOS is not set
# CONFIG_PAYLOAD_UBOOT is not set
# CONFIG_PAYLOAD_EDK2 is not set
CONFIG_PAYLOAD_LINUX=y
CONFIG_PAYLOAD_FILE="@BOARD_BUILD_DIR@/bzImage"
CONFIG_PAYLOAD_OPTIONS=""
# CONFIG_PXE is not set
CONFIG_LINUX_INITRD="@BOARD_BUILD_DIR@/initrd.cpio.xz"
# CONFIG_PAYLOAD_IS_FLAT_BINARY is not set
CONFIG_COMPRESS_SECONDARY_PAYLOAD=y
#
# Secondary Payloads
#
# CONFIG_COREINFO_SECONDARY_PAYLOAD is not set
# CONFIG_GRUB2_SECONDARY_PAYLOAD is not set
# CONFIG_MEMTEST_SECONDARY_PAYLOAD is not set
# CONFIG_NVRAMCUI_SECONDARY_PAYLOAD is not set
# CONFIG_SEABIOS_SECONDARY_PAYLOAD is not set
# CONFIG_TINT_SECONDARY_PAYLOAD is not set
# CONFIG_COREDOOM_SECONDARY_PAYLOAD is not set
# end of Secondary Payloads
# end of Payload
#
# Debugging
#
#
# CPU Debug Settings
#
# CONFIG_DISPLAY_MTRRS is not set
#
# Vendorcode Debug Settings
#
#
# BLOB Debug Settings
#
#
# General Debug Settings
#
# CONFIG_FATAL_ASSERTS is not set
# CONFIG_DEBUG_CBFS is not set
CONFIG_HAVE_DEBUG_SMBUS=y
# CONFIG_DEBUG_SMBUS is not set
# CONFIG_DEBUG_MALLOC is not set
# CONFIG_DEBUG_CONSOLE_INIT is not set
# CONFIG_DEBUG_SPI_FLASH is not set
# CONFIG_DEBUG_BOOT_STATE is not set
# CONFIG_DEBUG_ADA_CODE is not set
CONFIG_HAVE_EM100_SUPPORT=y
# CONFIG_EM100 is not set
# CONFIG_DEBUG_ACPICA_COMPATIBLE is not set
# end of Debugging
CONFIG_RAMSTAGE_ADA=y
CONFIG_RAMSTAGE_LIBHWBASE=y
CONFIG_SPD_READ_BY_WORD=y
CONFIG_HWBASE_DYNAMIC_MMIO=y
CONFIG_HWBASE_DEFAULT_MMCONF=0xe0000000
CONFIG_HWBASE_DIRECT_PCIDEV=y
CONFIG_DECOMPRESS_OFAST=y
CONFIG_WARNINGS_ARE_ERRORS=y
CONFIG_MAX_REBOOT_CNT=3
CONFIG_RELOCATABLE_MODULES=y
CONFIG_HAVE_BOOTBLOCK=y
CONFIG_HAVE_ROMSTAGE=y
CONFIG_HAVE_RAMSTAGE=y

19
targets/xx80_me_blobs.mk Normal file
View File

@ -0,0 +1,19 @@
# Targets for downloading xx80 ME blob, neutering it and deactivating ME.
# This also uses the deguard tool to bypass Intel Boot Guard exploiting CVE-2017-5705.
# See https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html
# xx80-*-maximized boards require of you initially call one of the
# following to have gbe.bin ifd.bin and me.bin
# - blobs/xx80/download_clean_me_and_deguard.sh
# To download Lenovo original ME binary, neuter+deactivate ME, produce
# reduced IFD ME region and expanded BIOS IFD region.
# - blobs/xx80/extract_and_deguard.sh
# To extract ME binary, GBE and IFD blobs and apply the deguard exploit to the the ME binary.
# Make the Coreboot build depend on the following 3rd party blobs:
$(build)/coreboot-$(CONFIG_COREBOOT_VERSION)/$(BOARD)/.build: \
$(pwd)/blobs/xx80/me.bin
$(pwd)/blobs/xx80/me.bin:
COREBOOT_DIR="$(build)/$(coreboot_base_dir)" \
$(pwd)/blobs/xx80/download_clean_deguard_me.sh $(pwd)/blobs/xx80